  • GRC
  • Agentic AI
  • 18th May 2026
  • 1 min read

Agentic AI Accountability in GRC

Written by Gabriel Few-Wiegratz

In short
  • Accountability for agentic AI in GRC stays with the regulated firm, not the software vendor, even when autonomous systems execute compliance actions without human prompting.
  • ISO 42001:2023 and the EU AI Act both require documented oversight, including named accountability, decision scopes, human-override controls, and auditable logging.
  • Human-in-the-loop design matters most where decisions carry regulatory or operational impact, such as supplier notifications, control closures, or regulatory submissions.
  • The governance layer is the real control framework: without immutable audit trails, override records, and clear ownership, agentic AI becomes ungovernable in regulated environments.

Agentic AI changes the accountability model because the system is no longer only advising: it is acting. When AI updates risk registers, escalates vendors, closes findings, or routes compliance tasks autonomously, regulators will expect firms to prove who authorised the system, what it was allowed to do, and how every action can be reconstructed after the fact. ISO 42001:2023, the EU AI Act, FCA expectations, and UK GDPR Article 22 all converge on the same principle: AI-assisted compliance must remain explainable, reviewable, and attributable to named humans. The firms that succeed with agentic AI in GRC will not be the ones with the most automation, but the ones with the clearest governance architecture around it.

Expert View

Matt Davies, Chief Product Officer, SureCloud, on governing agentic AI in GRC:

"The question regulators will ask in 2027 is whether firms can show, decision by decision, who authorised what and when. Audit trail design has to be treated as a governance requirement from day one, built into the AI workflow from deployment."

KEY FACTS

ISO 42001:2023 Clause 5.3 requires top management to assign and communicate responsibilities and authorities for the roles relevant to the AI management system, which in practice means named accountability for each AI system the organisation deploys.

The EU AI Act applies its full obligations to Annex III high-risk AI systems from 2 August 2026, including record-keeping (Article 12) and human oversight (Article 14).

Under the FCA Senior Managers and Certification Regime, a named Senior Manager must be accountable for any material operational area, which includes agentic AI in compliance functions.

UK GDPR Article 22 restricts solely automated decisions with legal or similarly significant effects; the transparency provisions in Articles 13 to 15 require meaningful information about the logic involved where such decision-making takes place.

DORA (Regulation (EU) 2022/2554) requires financial entities to implement ICT incident detection capabilities (Article 10) and to keep ICT event logs protected against tampering. The same log integrity expectation carries over to audit trails of agentic AI actions in regulated firms.

Why Agentic AI Changes the Accountability Equation

Traditional AI in compliance is advisory: a model surfaces an anomaly, a human decides what to do. Agentic AI works on a different structure. An agent receives a goal such as "monitor third-party control evidence and flag overdue items" and autonomously determines which tools to use, which systems to query, and what action to take. By default, the human sits outside the decision loop and only enters it when the system is explicitly designed to require their review.


This shift matters because the accountability frameworks built for advisory AI do not map cleanly onto agentic systems. When a compliance professional reviews an AI recommendation and acts on it, the human decision is on record. When an agentic system sends a supplier a formal notification, updates a risk register, or closes a control as tested without human sign-off, the decision trail becomes an automated log.


Accountability then depends entirely on whether that log is complete, tamper-evident, and attributed to a named individual within the firm.


The regulatory context is tightening alongside the technology. The EU AI Act (Regulation (EU) 2024/1689) entered into force on 1 August 2024 with obligations applying in phases. Annex III classifies AI systems used in areas including the management of critical infrastructure, employment, and access to essential private and public services as high-risk, with full obligations for those systems applying from 2 August 2026.


GRC systems operating in financial services may fall within this classification depending on their function and the decisions they influence. Separately, the FCA has made clear in multiple publications that firms cannot delegate regulatory accountability to technology vendors. The accountability sits with the regulated firm and stays there.

The Accountability Gap: Where It Breaks Down

The accountability gap in agentic AI is fundamentally a documentation and design failure. Most GRC teams deploying agentic tools have yet to answer three questions that regulators will ask:

  1. Which named individual within the firm is accountable for the agentic system's compliance decisions?

  2. Which decisions is the system authorised to make without human review, and which require it?

  3. Where is the complete, auditable record of every autonomous action the system has taken?

The failure mode is rarely that firms have no answers. The answers exist, but they are scattered across a vendor contract, an implementation document, and an informal assumption held by the compliance team. When something goes wrong, accountability is contested, with no documented record to reconstruct who authorised what.


Vendor Contracts Do Not Transfer Regulatory Accountability

A common assumption is that liability can be managed through vendor contracts, so that if an AI system produces a wrong output, the vendor bears the risk. Financial services regulation works differently. The FCA's Principles for Businesses, particularly Principle 3, which requires firms to take reasonable care to organise and control their affairs responsibly, places accountability for compliance outcomes on the regulated firm.


Outsourcing a function to an AI system, or to a vendor who provides one, leaves that accountability where it is. The FCA's outsourcing and operational resilience guidance explicitly requires firms to retain management oversight of material outsourced activities, and an agentic AI operating on compliance tasks meets that threshold.


The EU AI Act High-Risk Classification

The EU AI Act creates specific obligations for high-risk AI systems. Under Annex III of the Act, AI systems used in the management and operation of critical infrastructure, and systems used to evaluate the creditworthiness of natural persons or establish their credit score, fall into the high-risk classification. AI systems used in the administration of justice and democratic processes are also covered.


For GRC teams, the key question is whether an agentic system acting on risk or compliance data in a regulated sector meets the threshold. Where it does, the Act requires a risk management system maintained throughout the AI system's lifecycle (Article 9), technical documentation demonstrating compliance (Article 11), automatic logging of events (Article 12), human oversight measures built into the system design (Article 14), and standards for accuracy, robustness and cybersecurity (Article 15). Full obligations for Annex III systems apply from 2 August 2026, so classification assessments need to start now.

ISO 42001:2023 and the Accountability Framework for AI Management

ISO 42001:2023, the international standard for AI management systems, is the most directly applicable framework for structuring accountability around agentic AI in GRC. It operates as a management system standard, similar in structure to ISO 27001:2022 for information security, and requires organisations to establish, implement, maintain, and continually improve an AI management system.


A deeper walkthrough of the standard sits in our ISO 42001 implementation guide.


Accountability Assignments Under ISO 42001

ISO 42001:2023 Clause 5.3 requires top management to assign and communicate responsibilities and authorities for relevant roles in the AI management system. Generic delegation of "AI ownership" to a technology function does not satisfy the requirement. The standard expects specific accountability for each AI system the organisation deploys.


For an agentic GRC system, this means a named individual or role is accountable for the decisions the system is authorised to make, the oversight processes in place, and the remediation process when the system produces an incorrect output.


Clause 6.1 requires the organisation to identify AI-related risks and opportunities, with particular attention to the impact of AI decisions on individuals and organisations. For agentic compliance systems, the risks include false positives (flagging compliant controls as failing), false negatives (missing genuine control failures), and decision latency (acting on stale data). These risks have to be documented and managed, never assumed away.


AI Impact Assessments

ISO 42001:2023 control A.5 (assessing impacts of AI systems), with implementation guidance in Annex B, calls for an AI system impact assessment: a structured analysis of how an AI system may affect individuals, groups, and society. For agentic systems making compliance decisions, an impact assessment should address what decisions the system makes autonomously, the consequences of incorrect decisions, how incorrect decisions are detected and corrected, and who is notified when the system overrides or escalates a decision.


The impact assessment is both a standard requirement and a regulatory artefact. It is the document an FCA supervisor would expect to see if they asked how the firm governs its AI systems.

Human-in-the-Loop Design: Principles for Compliance Contexts

Human-in-the-loop (HITL) design structures AI systems so that specific decision points require human review and approval before action is taken. In agentic systems, HITL works as a design architecture in which specific decision points each carry their own threshold for human review, calibrated to the consequence of the action.


Tiered Override Design

Different agentic actions warrant different levels of human oversight. A practical tiered approach assigns override requirements based on the consequence of the action.


Tier | Example actions | Override requirement
--- | --- | ---
Tier 1 | Evidence collection, control test execution, internal log writes | Automated, full audit log only
Tier 2 | Risk register updates, internal escalations, control status changes | Same-day human review of flagged exceptions
Tier 3 | External supplier notifications, regulatory submission data, control closure | Named human approval before action


This tiered structure makes HITL requirements explicit and auditable. When a regulator asks how human oversight is applied, the firm can hand over a documented policy with explicit tiers and approval thresholds.


Override Records Are Compliance Evidence

In a well-designed agentic system, every human override and every decision the system makes without one becomes a compliance record. When a compliance officer approves a Tier 3 action, that approval should be timestamped, attributed, and retained alongside the system's recommendation and the data it acted on. This is the audit trail that demonstrates human accountability for AI-assisted decisions, and it should be designed in from the start.

Audit Trail Requirements for Autonomous Actions

Audit trail quality is where most current agentic GRC deployments fall short. A system that takes autonomous actions without producing a complete, immutable, and queryable record of those actions is ungovernable, regardless of how accurate it is on average.


This article on building an auditable and defensible AI governance framework sets out the documentation architecture in more depth.


What a Compliant Audit Trail Requires

For agentic actions in a regulated compliance context, an audit trail must capture:

  1. The action taken and the system component that initiated it.

  2. The data inputs and their sources at the moment of decision.

  3. The decision logic or model version applied.

  4. The timestamp and sequence relative to other actions in the same workflow.

  5. Whether human review was required, and if so, the identity and decision of the reviewer.

  6. Any override of the system's recommendation, with the reason recorded.

EU AI Act Article 12 requires that high-risk AI systems technically allow the automatic recording of events over their lifetime, with logging capable of identifying situations that may result in the system presenting a risk or undergoing a substantial modification, supporting post-market monitoring, and monitoring the system's operation. ISO 42001:2023 Clause 9.1 requires monitoring, measurement, analysis, and evaluation of the AI management system, which cannot be carried out without complete event logs from the system itself.


Immutability and Chain of Custody

An audit trail that can be altered after the fact provides no evidential value. For compliance purposes, logs of autonomous agent actions should be written to tamper-evident storage, with access controls preventing post-hoc modification.


Financial entities subject to DORA must maintain tamper-resistant records of ICT-related events as part of their operational resilience obligations. Agentic AI deployments in regulated firms carry the same requirement: logging is a compliance obligation, designed in from the start.
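The tiered override table, the six audit-trail fields listed above, and the tamper-evident storage requirement can be implemented as one mechanism. What follows is an added Python example, not SureCloud's or any vendor's code: an append-only ledger in which every agent action is a record carrying those six fields, each record is hashed together with the hash of its predecessor (a hash chain), a Tier 3 action is refused unless a named reviewer and their decision are supplied, and an override must carry a recorded reason. The action names, tier assignments, component and model identifiers, reviewer name and the three-step sample workflow are constructed for illustration; Tier 2 same-day review scheduling is not modelled.

```python
# Added example (not SureCloud's or any vendor's code): a hash-chained audit
# ledger with tier-gated approval for agentic GRC actions. Action names, tiers,
# component and model identifiers, reviewer names and sample data are hypothetical.
from __future__ import annotations

import copy
import hashlib
import json
from datetime import datetime, timezone
from typing import Optional

# Tier per action, mirroring the tiered override table. A Tier 3 action cannot
# be recorded, and so must not execute, without a named reviewer and decision.
TIER_BY_ACTION = {
    "collect_evidence": 1, "execute_control_test": 1,
    "update_risk_register": 2, "change_control_status": 2, "internal_escalation": 2,
    "notify_supplier": 3, "submit_regulatory_data": 3, "close_control": 3,
}
GENESIS_HASH = "0" * 64  # prev_hash carried by the first record


class ApprovalRequired(Exception):
    """A Tier 3 action was attempted without a named human approver."""


def record_hash(record: dict) -> str:
    """SHA-256 over canonical JSON of every field except record_hash itself."""
    body = {k: v for k, v in record.items() if k != "record_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True, separators=(",", ":")).encode()).hexdigest()


class AuditLedger:
    def __init__(self) -> None:
        self._records: list[dict] = []

    def record_action(self, *, action: str, component: str, model_version: str,
                      inputs: dict, recommendation: str,
                      reviewer: Optional[str] = None,
                      reviewer_decision: Optional[str] = None,
                      override_reason: Optional[str] = None,
                      timestamp: Optional[str] = None) -> dict:
        tier = TIER_BY_ACTION[action]
        review_required = tier == 3
        # Gate: Tier 3 needs a named reviewer who approved or overrode the
        # recommendation; any override must carry a recorded reason.
        if review_required and not (reviewer and reviewer_decision in ("approved", "overridden")):
            raise ApprovalRequired(f"{action} is Tier {tier}: named human approval required")
        if reviewer_decision == "overridden" and not override_reason:
            raise ValueError("an override must record its reason")
        prev_hash = self._records[-1]["record_hash"] if self._records else GENESIS_HASH
        record = {
            "seq": len(self._records),
            "timestamp": timestamp or datetime.now(timezone.utc).isoformat(),
            "action": action,
            "tier": tier,
            "component": component,          # system component that initiated the action
            "model_version": model_version,  # decision logic / model applied
            "inputs": inputs,                # data inputs and their sources at decision time
            "recommendation": recommendation,
            "human_review_required": review_required,
            "reviewer": reviewer,
            "reviewer_decision": reviewer_decision,
            "override_reason": override_reason,
            "prev_hash": prev_hash,          # binds this record to its predecessor
        }
        record["record_hash"] = record_hash(record)
        self._records.append(record)
        return record

    def export(self) -> list[dict]:
        """Deep copy of the records, as they would be shipped to tamper-evident storage."""
        return copy.deepcopy(self._records)


def verify_chain(records: list[dict]) -> tuple[bool, Optional[int]]:
    """Return (True, None) if intact, else (False, index of the first bad record).
    Detects edited fields, deleted or reordered records, and broken prev_hash links."""
    prev = GENESIS_HASH
    for i, rec in enumerate(records):
        if rec["seq"] != i or rec["prev_hash"] != prev or rec["record_hash"] != record_hash(rec):
            return False, i
        prev = rec["record_hash"]
    return True, None


def build_sample_ledger() -> AuditLedger:
    """Constructed workflow: evidence sweep (Tier 1), register update (Tier 2), supplier notice (Tier 3)."""
    ledger = AuditLedger()
    ledger.record_action(action="collect_evidence", component="evidence-agent", model_version="tprm-policy-2026.05",
                         inputs={"source": "tprm-db", "vendor": "ACME Ltd", "overdue_items": 3},
                         recommendation="3 SOC 2 evidence items overdue for ACME Ltd",
                         timestamp="2026-05-18T09:00:00+00:00")
    ledger.record_action(action="update_risk_register", component="register-agent", model_version="tprm-policy-2026.05",
                         inputs={"source": "risk-register", "risk_id": "R-0412", "old_rating": "Medium"},
                         recommendation="Raise R-0412 to High; flag for same-day review",
                         timestamp="2026-05-18T09:01:00+00:00")
    ledger.record_action(action="notify_supplier", component="comms-agent", model_version="tprm-policy-2026.05",
                         inputs={"source": "contract-db", "vendor": "ACME Ltd", "clause": "9.2"},
                         recommendation="Send formal evidence-request notice under clause 9.2",
                         reviewer="A. Reviewer (Compliance)", reviewer_decision="approved",
                         timestamp="2026-05-18T10:15:00+00:00")
    return ledger
```

Calling `build_sample_ledger()` and then `verify_chain(ledger.export())` returns `(True, None)`; editing any field of a stored record, deleting a record, or swapping two records makes `verify_chain` return `False` with the index of the first record that no longer fits. A hash chain alone does not stop an attacker with write access from regenerating the whole chain, so in practice the current head hash is periodically anchored somewhere the agent and its operators cannot rewrite (WORM object storage, a separate log-integrity service, or a signed timestamp) and the records are written under append-only permissions. That anchoring, together with the hashing, is what makes the ledger the kind of tamper-resistant log the DORA-style obligations above expect.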

What the FCA and ICO Expect

FCA Expectations

The FCA has not yet published dedicated supervisory guidance on agentic AI in compliance functions, but its existing framework already sets the expectations. Under the FCA's Senior Managers and Certification Regime (SM&CR), a named Senior Manager must be accountable for each material area of a firm's operations, and an agentic AI system operating on compliance tasks counts as a material operational area.


The relevant Senior Manager keeps the accountability and cannot delegate it to the system or its vendor. They have to be able to demonstrate oversight, including explaining why the system was deployed, how it is monitored, and how errors are identified and remediated.


The FCA's approach to operational resilience, set out in Policy Statement PS21/3 and the rules in SYSC 15A, requires firms to identify important business services and ensure they can remain within defined impact tolerances. Where agentic AI is embedded in an important business service, for example continuous control monitoring for a critical regulatory obligation, it sits inside the resilience scope. Firms must be able to demonstrate they can continue or restore the service if the AI component fails, and that manual fallback processes exist.


ICO Expectations

Where an agentic AI system makes or significantly influences decisions about individuals, including decisions about employees in relation to compliance processes, or decisions that affect data subjects, the ICO's guidance on automated decision-making under UK GDPR Article 22 applies. Article 22 restricts solely automated decisions that produce legal or similarly significant effects and, where such processing is permitted, requires safeguards including the right to obtain human intervention, to express a point of view, and to contest the decision; the transparency provisions in Articles 13 to 15 additionally require meaningful information about the logic involved.


For agentic GRC systems that influence employment-related compliance decisions, this needs an explicit assessment of whether Article 22 applies and, where it does, documented safeguards.


The ICO's accountability framework under UK GDPR Article 5(2) also requires firms to demonstrate compliance with data protection principles. Where an agentic system processes personal data as part of its compliance workflow, for example in reviewing access logs or third-party personnel records, a data protection impact assessment (DPIA) under UK GDPR Article 35 is likely required, and the system's data processing activities have to appear in the firm's Article 30 records of processing activities.

A Practical Accountability Framework for Agentic GRC

A practical accountability framework for agentic AI in GRC draws on all of the above and has five components:

  1. Named accountable individual: identify the Senior Manager or equivalent role accountable for each agentic system, documented in the firm's SM&CR statement of responsibilities or equivalent governance record.

  2. Decision scope documentation: define explicitly which decisions the system is authorised to make at each tier, and which require human review. This document sets the governance boundary for the system.

  3. ISO 42001 AI management system: implement the management system requirements of ISO 42001:2023, including risk assessment (Clause 6.1), accountability assignments (Clause 5.3), and AI impact assessments (Annex B).

  4. Audit trail design: require tamper-evident, complete logging of all autonomous actions, including data inputs, decision logic, and any human override records. Treat log integrity as a compliance requirement, designed in from the start.

  5. Regular review and validation: establish a review cadence for the agentic system's outputs, covering both monitoring for failures and validation that the system's decision patterns remain within the defined scope. Watch for decision types that have drifted into autonomous territory without explicit authorisation.

For teams looking at how this plays out across vendor populations, our piece on agentic AI for third-party risk and continuous vendor monitoring walks through the operating model in detail.

See Governed Agentic AI in Action

See how SureCloud’s Gracie AI Agents operate inside a governed decision framework with human-override controls, immutable audit trails, and role-based accountability built into every workflow. Request a demo to see agentic AI governance working in practice.
Related articles:
  • Key Use Cases of AI for GRC (GRC, Agentic AI)
  • 100-Day AI Governance Plan for Private Equity - Free Template (ISO 42001)
  • AI in GRC Explained for Risk Leaders (GRC, Agentic AI)

FAQ

Who is legally accountable when an agentic AI makes a wrong compliance decision?

The regulated firm is accountable. Under the FCA's SM&CR, a named Senior Manager must own accountability for any material area of operations, including AI-assisted compliance functions. Vendor contracts can allocate commercial risk, but they cannot move regulatory accountability. The firm must be able to demonstrate that it had oversight of the system, understood its decision scope, and had processes in place to detect and correct errors.

What does ISO 42001 require specifically for agentic AI accountability?

ISO 42001:2023 Clause 5.3 requires top management to assign specific responsibilities and authorities for each AI system deployed. Clause 6.1 requires identification of AI-related risks, including the consequences of incorrect AI decisions. Annex B provides a framework for AI impact assessment, covering the types of decisions made, their potential consequences, and the oversight mechanisms in place. These requirements apply whether the AI system is advisory or agentic.

Does the EU AI Act apply to GRC software used in financial services?

It may, depending on the system's function. The EU AI Act classifies AI systems used in critical infrastructure management and systems that materially influence decisions about individuals as high-risk under Annex III, and GRC systems in financial services that influence risk scoring, compliance decisions, or operational resilience assessments may meet this threshold. Full high-risk obligations, including human oversight design, technical documentation, and automatic logging, apply from August 2026. Firms that complete their classification assessment now will have time to address any gaps before the deadline.

What should a compliant audit trail for agentic actions include?

A compliant audit trail should capture: the action taken and the initiating system component, the data inputs and their sources at the time of decision, the model version or decision logic applied, the timestamp and workflow sequence, whether human review was required and the outcome, and any override of the system's recommendation with the reason recorded. Logs should be written to tamper-evident storage and retained for a period consistent with the firm's regulatory record-keeping obligations.

What is human-in-the-loop design and when is it required?

Human-in-the-loop (HITL) design structures an AI system so that defined decision points require human review before action is taken. In a regulated context, the appropriate level of human oversight should be tiered by the consequence of the action. Autonomous evidence collection requires only an audit trail, while external supplier notifications or regulatory submission data require named human approval. The EU AI Act Article 14 requires that high-risk AI systems be designed to enable effective human oversight, including the ability to intervene or override.

Can a compliance team rely on a vendor's AI governance documentation to satisfy regulator expectations?

Regulators expect the firm to produce its own governance documentation for AI systems it deploys. Vendor documentation evidences the vendor's internal governance and does not constitute the firm's demonstration of its own accountability and oversight. The firm has to produce its own decision scope documentation, accountability assignments, risk assessments, and audit trail evidence. Vendor documentation may be referenced as supporting evidence, but cannot stand in for the firm's own governance record.